JWE encryption with TPM sealed encryption key metadata

[salrashid123]

hi-

i'm new to using this specific library and wanted to get some thoughts around the proper way to incorporate TPM based keys with JWE.

The general idea is that if i'm on a VM with a trusted platform module (TPM), i can use it to seal some small bit of data into a TPM object and represent that as PEM file (for example). Then if i wanted to unseal the data, i can only do that on that same TPM.

to combine that with what i understand are the constructs in this library and JWE, i'd do the following:

1. generate a random aes key
2. "seal" that into a TPM object and represent that as PEM
3. set the key in (1) as the encryption key which further encodes content key
4. use the content encrytion key against the plaintext payload
5. add the sealed TPM key as unprotected header

	rootkey := make([]byte, 32)
	err := rand.Read(rootkey)
      
       // generate a TPM object and "seal" the rootkey
       // i've omitted all that from here

      // get the object PEM representation of the object and set that as a jwe.Header 

	h := jwe.NewHeaders()
	h.Set("tpm_key", "-----BEGIN TSS2 PRIVATE KEY-----\nbMIICFAYGZ4EFCgEDoAMBAf8CBEAA...")

        // now use the root key to encode JWE as normal
	fromRawKey, err := jwk.Import(rootkey)

        // set the pem tpm part as a header
	encrypted, err := jwe.Encrypt(payload, jwe.WithKey(jwa.A128KW(), fromRawKey, jwe.WithPerRecipientHeaders(h)))

so you'll end up with something like this

{
  "ciphertext": "TYqD60p17tRbMvQ",
  "encrypted_key": "eg_w8gT48w-X7DjAU_fXtvG8uBzXz91rSP3HZYEF33lq6UJcIl7qvA",
  "header": {
    "alg": "A128KW",
    "tpm_key": "-----BEGIN TSS2 PRIVATE KEY-----\nbMIICFAYGZ4EFCgEDoAMBAf8CBEAA..."
  },
  "iv": "s0m0ROYSr6mWAm6a",
  "protected": "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMjU2R0NNIiwidHBtX2tleSI6Ii0tLS0tQkVHSU4gVFNTMiBQUklWQVRFIEtFWS0tLS0tXG5iTUlJQ0ZBWUdaNEVGQ2dFRG9BTUJBZjhDQkVBQS4uLiJ9",
  "tag": "DXABwL9VADLuamj-ltP3SA"
}

to decrypt, i'll first extract (unseal) the root key from the tpm_key header and and supply that back to this library...

does it seem ok to use the headers like this? Also i used jwa.A128KW() above but maybe i could also use jwa.DIRECT()

the example above uses tpm's seal/unseal capability...there's also a way to do this remotely too (i.,e you can create a JWE intended for a remote system which can only get decrypted there)....its basically this: https://github.com/salrashid123/go-tpm-wrapping (you can also transfer arbitrary keys in pem format too (tpmcopy)

---

fwiw, on the topic of TPM, it seems you can 'just supply' a crypto.Signer pointing to a TPM object outright, see example

[salrashid123]

ok, its a private header like this

https://datatracker.ietf.org/doc/html/rfc7516#page-15

4.3.  Private Header Parameter Names

   A producer and consumer of a JWE may agree to use Header Parameter
   names that are Private Names: names that are not Registered Header
   Parameter names (Section 4.1) or Public Header Parameter names
   (Section 4.2).  Unlike Public Header Parameter names, Private Header
   Parameter names are subject to collision and should be used with
   caution.